使用Affise MMP(移动测量合作伙伴)使您的应用程序更上一层楼
立即加入 ⚡

中文

登录

 免费注册
Back to Glossary

Click Injection

i

A fraudulent technique where fake clicks are generated just before an app install.

What is click injection?

Click injection is a sophisticated form of click fraud primarily targeting the Android ecosystem, designed to steal credit for organic app installs. Unlike simpler methods that generate fake clicks at random times, click injection is a highly timed and deliberate attack that exploits a specific technical process.

The fraud occurs when a malicious application, often installed on a user’s device, detects that another app is being installed. Just milliseconds before the installation is completed, the malicious app triggers a fraudulent click on a corresponding ad. This fraudulent click is timed so precisely that when the MMP receives the “app installed” signal, the last-click attribution model assigns the install credit to the fraudster, instead of the legitimate source (if any).

How does click injection work?

The mechanism relies on a specific Android system feature: install broadcasts. These system-wide notifications, designed for app coordination, are exploited by fraudsters to detect the exact moment a new app is being installed.

  1. Detection: A device has a malicious app running in the background.

  2. Trigger: The user downloads and begins installing an app (e.g., a new game) from an organic source like the Google Play Store.

  3. Injection: The malicious app detects this installation trigger and immediately fires a fake click on an ad for that exact same game.

  4. Attribution: The MMP sees this click and the subsequent install happening almost simultaneously. Following the standard last-click model, it attributes the install to the fraudulent ad source.

  5. Payout: The fraudulent network or publisher receives an undeserved payout for an install that was going to happen organically.

How to prevent click injection?

Click injection is difficult to catch because fraudsters employ real devices and meticulously timed clicks that easily mimic legitimate user activity. That’s why to successfully block click injection, advertisers need more than standard attribution filters. They require a dedicated, proactive fraud solution engineered to detect sophisticated fraudulent patterns and halt them in real time before they can impact the advertising budget.